6 const uint8_t *expected_key_usage,
7 const cx_curve_t *expected_curve,
10 uint8_t key_usage = 0;
11 size_t certificate_name_len = 0;
12 uint8_t certificate_name[CERTIFICATE_TRUSTED_NAME_MAXLEN] = {0};
13 cx_ecfp_384_public_key_t public_key = {0};
14 bolos_err_t bolos_err;
17 bolos_err = os_pki_get_info(&key_usage, certificate_name, &certificate_name_len, &public_key);
18 if (bolos_err != 0x0000) {
19 PRINTF(
"Error %x while getting PKI certificate info\n", bolos_err);
24 if (expected_key_usage != NULL && key_usage != *expected_key_usage) {
25 PRINTF(
"Wrong usage certificate %d, expected %d\n", key_usage, *expected_key_usage);
28 if (expected_curve != NULL && public_key.curve != *expected_curve) {
29 PRINTF(
"Wrong curve %d, expected %d\n", public_key.curve, *expected_curve);
33 PRINTF(
"Certificate '%s' loaded with success\n", certificate_name);
37 (uint8_t *) hash.
ptr, hash.
size, (uint8_t *) signature.
ptr, signature.
size)) {
38 PRINTF(
"Error, '%.*H' is not a signature of hash '%.*H' by the PKI key '%.*H'\n",
48 PRINTF(
"Signature verified successfully\n");
check_signature_with_pki_status_t check_signature_with_pki(const buffer_t hash, const uint8_t *expected_key_usage, const cx_curve_t *expected_curve, const buffer_t signature)
Checks a signature using the PKI certificate.